Critical Security Bulletin - 12/13/22

12/13/22 4:30 PM  |  by RedLegg Blog

About:

In an effort to provide additional value to our customers, RedLegg will be releasing monthly security bulletins for critical vulnerabilities as they are released by major software vendors. RedLegg will provide as much context and information as is available at the time the bulletin is released.

RedLegg will include a brief description of each vulnerability, whether or not an active exploit or POC exists, and a link to an update if one exists. If no update exists, there will be remediation or mitigation suggestions to limit the risk that each vulnerability represents.

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and that require immediate attention.

VULNERABILITIES

.NET Framework Remote Code Execution Vulnerability

Identifier: CVE-2022-41089
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089

Description: CVE-2022-41089 allows for remote code execution. User interaction is required to successfully exploit this vulnerability. This vulnerability triggers restricted mode when parsing XPS files, inhibiting gadget chains and eliciting remote code execution on an affected system.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability 

Identifier: CVE-2022-44690
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-44690

Description: CVE-2022-44690 allows for remote code execution. Successful exploitation does not require user interaction. This vulnerability would allow an authenticated attacker with Manage List permissions to execute arbitrary code on the SharePoint Server.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2022-44693
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693

Description: CVE-2022-44693 allows for remote code execution. Successful exploitation does not require user interaction. This vulnerability would allow an authenticated attacker with Manage List permissions to execute arbitrary code on the SharePoint Server.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Identifier: CVE-2022-41127
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127

Description: CVE-2022-41127 allows for remote code execution. This vulnerability does not require user interaction; however, authentication is required. Successful exploitation requires the attacker to first prepare the target environment so that the conditions for exploitation are met.
Mitigation Recommendation: Patching is currently the only method of mitigation.

PowerShell Remote Code Execution Vulnerability 

Identifier: CVE-2022-41076
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076

Description: CVE-2022-41076 allows for remote code execution. This vulnerability would allow an authenticated attacker to execute unauthorized commands on a targeted system by escaping the PowerShell Remoting Session Configuration. Exploiting this vulnerability requires the attacker to prepare the target environment before carrying out the attack. User interaction is not required.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability 

Identifier: CVE-2022-44670
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44670

Description: CVE-2022-44670 allows for remote code execution. Neither user interaction nor authentication is required for successful exploitation. This vulnerability would allow an attacker to send specially crafted connection requests to a RAS server, leading to remote code execution on the RAS server machine. Successful exploitation requires the attacker to win a race condition.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability 

Identifier: CVE-2022-44676
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44676

Description: CVE-2022-44676 allows for remote code execution. Neither user interaction nor authentication is required for successful exploitation. This vulnerability would allow an attacker to send specially crafted connection requests to a RAS server, leading to remote code execution on the RAS server machine. Successful exploitation requires the attacker to win a race condition.
Mitigation Recommendation: Patching is currently the only method of mitigation.